CN105122214A - Repairing compromised system data in a non-volatile memory - Google Patents
- Publication number
- CN105122214A
- Authority
- CN
- China
- Prior art keywords
- nonvolatile memory
- system data
- data
- damage
- controller
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1469—Backup restoration techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1415—Saving, restoring, recovering or retrying at system level
- G06F11/1417—Boot up procedures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1456—Hardware arrangements for backup
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/0614—Improving the reliability of storage systems
- G06F3/0619—Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0683—Plurality of storage devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/1608—Error detection by comparing the output signals of redundant hardware
- G06F11/1612—Error detection by comparing the output signals of redundant hardware where the redundant component is persistent storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/83—Indexing scheme relating to error detection, to error correction, and to monitoring the solution involving signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/84—Using snapshots, i.e. a logical point-in-time copy of the data
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Human Computer Interaction (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
A first non-volatile memory stores a redundant copy of system data that relates to a configuration of at least one physical component of a system, where the first non-volatile memory is accessible by a controller in the system and inaccessible to a processor in the system. It is determined whether system data in a second non-volatile memory accessible by the processor is compromised. In response to determining that the system data in the second non-volatile memory is compromised, the compromised system data in the second non-volatile memory is repaired.
Description
Background
Computing systems may include code that performs various startup functions of the computing system. This code may include Basic Input/Output System (BIOS) code or other code.
Brief description of the drawings
Some embodiments are described with reference to the following drawings:
Fig. 1 is a flow diagram of a system data integrity verification process according to some embodiments;
Fig. 2 and Fig. 3 are block diagrams of example computing systems incorporating some embodiments; and
Fig. 4 is a flow diagram of a management engine region verification process according to some embodiments.
Detailed description
Various types of system data may be stored in a non-volatile memory of a computing system. The system data is accessed during operation of the computing system to ensure its correct operation. System data may be stored in various data structures in the non-volatile memory and may relate to the configuration of at least one component of the computing system. For example, system data may relate to the configuration of the computing system as a whole, or alternatively to the configuration of a single component or of multiple components of the computing system.
Examples of computing systems include desktop computers, notebook computers, tablet computers, personal digital assistants (PDAs), smartphones, game consoles, server computers, storage nodes, network communication nodes, and so forth.
System data in the non-volatile memory may be compromised due to unauthorized access and operations in the computing system (caused, for example, by malware). In addition, the system data in the non-volatile memory may be inadvertently compromised. Once the system data is compromised, correct operation of the computing system may no longer be feasible.
Although mechanisms exist to protect system code stored in non-volatile memory from being compromised, mechanisms for protecting system data stored in non-volatile memory may not exist. Examples of system code that may be stored in non-volatile memory include system firmware for performing startup or recovery operations of the computing system. System firmware is in the form of machine-readable instructions executable on a processor (or multiple processors) of the computing system.
System firmware may include Basic Input/Output System (BIOS) code, which can initialize various components of the computing system and load an operating system (OS) of the computing system. The BIOS code can perform checks of hardware components to ensure that the hardware components are present and functioning normally. This may be part of, for example, a power-on self-test (POST) procedure. After the POST procedure, the BIOS code can proceed with the remainder of the boot sequence, after which the BIOS code can load the OS and pass control to the OS. The BIOS code may include legacy BIOS code or Unified Extensible Firmware Interface (UEFI) code. In some examples, the BIOS code may include a runtime portion that executes after the OS has loaded.
Examples of system data that may be stored in non-volatile memory include at least some of the following. Although specific examples of system data are referred to, note that techniques or mechanisms according to some embodiments may be applied to other types of system data.
System data may include machine unique data, which may refer to any configuration data or settings that are unique to each specific computing system. Examples of machine unique data may include any one or some combination of the following: a product name, a product model, a stock keeping unit (SKU) number (for identifying each computing system for sale), a serial number of the computing system, a system or commodity tracking number (for identifying the system board of the computing system), a system configuration identifier (for identifying the configuration of the computing system), warranty data (describing the warranty associated with the computing system), a universally unique identifier (UUID), default settings of the BIOS code, unique encryption identifier information (such as an encryption key) used to protect information and to bind it to the computing system, and so forth. The foregoing are provided as examples of machine unique data; in other examples, other or additional types of machine unique data may be provided. Machine unique data may be stored in a corresponding data structure in the non-volatile memory, such as a machine unique data (MUD) region of the non-volatile memory.
System data may also include configuration data of a network controller of the computing system. The network controller may be used to communicate over a network according to a network protocol such as an Ethernet protocol (for example, the Gigabit Ethernet protocol or another type of Ethernet protocol) or another type of protocol. In examples where the network protocol supported by the network controller is the Gigabit Ethernet (GbE) protocol, the configuration data of the network controller may include data in a GbE region of the non-volatile memory. The GbE region is a data structure containing configuration data (such as programmable settings) for the network controller that may be part of the computing system. The programmable settings are read by the network controller upon deassertion of a bus reset signal on the bus to which the network controller is connected.
In other examples, system data may include data in a descriptor region of the non-volatile memory. The descriptor region is a data structure containing information that describes the layout of the non-volatile memory storing the system firmware, and configuration parameters for an input/output (I/O) controller (such as the Platform Controller Hub (PCH) from Intel Corporation or another type of I/O controller). The PCH may include various functions, including a display interface to a graphics subsystem, a system bus interface to a system bus to which various I/O devices may be connected, and so forth. The I/O controller may read the data in the descriptor region when it exits from reset.
According to some embodiments, to perform integrity verification of the system data in the non-volatile memory, a redundant copy of the system data may be provided. In some embodiments, the system data used by the computing system is stored in a primary non-volatile memory. The redundant copy of the system data is stored in a secondary non-volatile memory. The redundant copy of the system data may be identical to the system data in the primary non-volatile memory, or it may be a different version (an earlier or later version) of that system data.
Fig. 1 is a flow diagram of a system data verification process according to some embodiments. Some tasks of Fig. 1 may be performed by a controller (such as an embedded controller) that is separate from the one or more processors of the computing system used to execute the system firmware. As discussed further below, the embedded controller may be used to perform specific designated tasks. Some tasks of Fig. 1 may also be performed by the system firmware.
The process of Fig. 1 stores (at 102) a redundant copy of system data in the secondary non-volatile memory, where the system data relates to the configuration of at least one physical component of the computing system. For example, the system data may include machine unique data, configuration data of a network controller, and descriptor region data. The secondary non-volatile memory is accessible by the embedded controller but is not accessible by the one or more processors in the computing system. The process may also store one or more check values in the secondary non-volatile memory, where the one or more check values may be cryptographic hashes, checksums, or other values computed from the content of the respective system data.
The process of Fig. 1 determines (at 104), based on the redundant copy of the system data or based on the one or more check values in the secondary non-volatile memory, whether the system data in the non-volatile memory accessible by the one or more processors is compromised.
In response to determining that the system data in the primary non-volatile memory is compromised, the embedded controller and/or the system firmware repairs (at 106) the compromised system data in the primary non-volatile memory using the redundant copy of the system data in the secondary non-volatile memory.
Fig. 2 is a block diagram of an example computing system 200, which includes an embedded controller 202, a primary non-volatile memory 204, a processor 206, and a secondary non-volatile memory 216. The primary non-volatile memory 204 is a shared non-volatile memory that is accessible by multiple entities, including the embedded controller 202 and at least one other entity (including the processor 206). The secondary non-volatile memory 216 is accessible by the embedded controller 202 but is not accessible by the processor 206 or other components in the computing system 200 (effectively, the secondary non-volatile memory 216 is electrically isolated from all entities other than the embedded controller 202). Making the secondary non-volatile memory 216 inaccessible to the processor 206 and other components protects the content of the secondary non-volatile memory 216 from unauthorized tampering. The secondary non-volatile memory 216 is accessible by the embedded controller 202 at any time.
Although not shown in Fig. 2, an input/output (I/O) controller may be arranged between the processor 206 and the primary non-volatile memory 204.
The secondary non-volatile memory 216 may be physically separate from the primary non-volatile memory 204 (for example, implemented in different physical memory devices). Alternatively, the secondary non-volatile memory 216 and the primary non-volatile memory 204 may be physically located on a shared memory device, with the primary non-volatile memory 204 and the secondary non-volatile memory 216 in different segments of the physical memory device, where the segment of the physical memory device that contains the secondary non-volatile memory 216 is accessible only by the embedded controller 202. In other words, the segment containing the secondary non-volatile memory 216 is under the exclusive control of the embedded controller 202, and this segment may be locked against access by the processor 206 or other entities.
The primary non-volatile memory 204 is accessible by the embedded controller 202 or by other entities over a shared bus 220. Note that the secondary non-volatile memory 216 is electrically isolated from the shared bus 220. In some embodiments, only one entity may access the shared bus 220 at a given time, so that only one entity can access the primary non-volatile memory 204 at a time. In some examples, the shared bus 220 is a shared Serial Peripheral Interface (SPI) bus. An SPI bus is a synchronous serial data link in which the devices on the SPI bus operate in a master-slave mode. In other examples, other types of shared bus 220 may be used. In alternative examples, an arbitration mechanism may be provided to allow shared access to the bus 220 in the various states of the computing system, including a low-power state or a normal runtime state.
The primary non-volatile memory 204 may store system firmware 207, which may include BIOS code. The system firmware 207 may include EC firmware 208 and a boot block 210; the EC firmware 208 is for execution by the embedded controller 202, and the boot block 210 is to be executed by the processor 206. Although reference is made to "EC firmware", note that the techniques or mechanisms may be applied to other forms of controller code executable by the embedded controller 202. Embedded controller code includes machine-readable instructions executable on the embedded controller.
In the example of Fig. 2, the EC firmware 208 is included in the boot block 210 of the system firmware 207. Including the EC firmware 208 in the boot block 210 can provide an indication that the EC firmware 208 has been signed by the entity that provided the system firmware 207, which may be a vendor of the computing system 200 or another entity. In other examples, the EC firmware 208 may be separate from the boot block 210.
The boot block 210 is a part of the BIOS code and is executed first when the computing system 200 starts. The boot block 210 is executed before the remaining BIOS code is allowed to execute on the processor 206. The boot block 210 may be used to check the integrity of the BIOS and to perform other initial functions. If the boot block 210 confirms the integrity of the BIOS code, the boot block 210 can then pass control to the main portion of the BIOS code for initiating the remaining operations associated with the BIOS code.
In some embodiments, the boot block 210 may include core root of trust for measurement (CRTM) logic, which is logic specified by the Trusted Computing Group (TCG), an industry standard workgroup. During the power-on procedure of the computing system 200, the CRTM logic may perform certain initialization tasks and may make and store a number of measurements for later use. The CRTM logic may then check the BIOS code before passing control to the main portion of the BIOS code. Once the BIOS code completes execution and passes control to the OS, the OS can verify the trustworthiness of the computing system 200 based on the measurements made by the CRTM logic.
The embedded controller 202 is physically separate from the processor 206 of the computing system 200. The processor 206 is used to execute the OS, application code, and other code in the system 200. The embedded controller 202, on the other hand, may be used to perform specific predefined tasks as programmed into the EC firmware 208. Examples of tasks that may be performed by the embedded controller 202 include any one or some combination of the following: power supply control in the computing system 200 (controlling the power supply that provides supply voltages to various components in the computing system 200), charging and control of a battery in the computing system 200, thermal monitoring (monitoring temperatures in the computing system 200), fan control (controlling fans in the computing system 200), and interaction with user input devices (for example, scanning a keyboard of the computing system 200 or interacting with a pointing device such as a mouse, a trackpad, a touchscreen, and so forth). The embedded controller 202 may be implemented with a microcontroller, an application-specific integrated circuit (ASIC), a programmable gate array (PGA), or any other type of programmable circuit.
The secondary non-volatile memory 216 stores a redundant copy 214 of the system firmware, where the system firmware redundant copy 214 includes a boot block 232 and EC firmware 230. The system firmware redundant copy 214 in the secondary non-volatile memory 216 may be a duplicate of the system firmware 207 in the primary non-volatile memory 204. Alternatively, the system firmware redundant copy 214 may be a different version (a later version or an earlier version) than the system firmware 207.
In some embodiments, the system firmware redundant copy 214 includes only the boot block 232 and does not include the main portion of the system firmware 207. In other embodiments, the system firmware redundant copy 214 may include the entirety of the system firmware 207.
The primary non-volatile memory 204 also stores system data 240, such as the system data discussed further above. During system operation, the system data 240 may be accessed by the computing system 200.
The embedded controller 202 may be instructed, for example by the system firmware 207 executing on the processor 206, to copy the system data 240 in the primary non-volatile memory 204 into the secondary non-volatile memory 216. Such copying creates a system data copy 242 in the secondary non-volatile memory 216. The instruction to perform the copy of the system data 204 from the primary non-volatile memory 204 to the secondary non-volatile memory 216 may be performed in a secure environment (for example, during manufacture of the computing system at a factory). Alternatively, the copy of the system data 240 from the primary non-volatile memory 204 to the secondary non-volatile memory 216 may be performed in another environment (for example, at a product service facility for servicing the product).
In some examples, when the system data copy 242 is saved in the secondary non-volatile memory 216, the embedded controller 202 may compute a hash, checksum, or other value (generally referred to as a "check value") based on the content of the system data. This check value may be saved to the secondary non-volatile memory 216 and associated with the system data copy 242.
Note that a separate check value may be computed for each type of system data 240 (for example, machine unique data, GbE region data, descriptor region data, and so forth) copied to the secondary non-volatile memory 216. The check values associated with the various types of system data in the secondary non-volatile memory 216 can later be used to verify the integrity of the content of each type of system data in the primary non-volatile memory 204, to ensure that this content has not been compromised by malware, code errors, or other causes.
The check value associated with the copy of the machine unique data stored in the secondary non-volatile memory 216 may be used by the system firmware 207 executing on the processor 206 to verify the integrity of the machine unique data in the primary non-volatile memory 204. The system firmware 207 may compute a check value based on the machine unique data in the primary non-volatile memory 204 and compare the computed check value with the check value stored in the secondary non-volatile memory 216. If the check values match, the system firmware 207 determines that the machine unique data in the primary non-volatile memory 204 is valid. On the other hand, if the check values do not match, the system firmware 207 determines that the machine unique data is compromised.
If the machine unique data in the primary non-volatile memory 204 is determined to be compromised, the copy of the machine unique data in the secondary non-volatile memory 216 can then be used to repair the compromised machine unique data by replacing it with the copy of the machine unique data from the secondary non-volatile memory 216.
Verification of the GbE region data or the descriptor region data in the primary non-volatile memory 204 may be performed by the embedded controller 202 rather than by the system firmware 207. Similar to the verification of the integrity of the machine unique data, the embedded controller 202 may compare a computed check value with the check value stored in the secondary non-volatile memory 216 to determine whether the GbE region data or the descriptor region data is compromised.
In other embodiments, instead of using the check values stored in the secondary non-volatile memory 216, each specific item of system data 240 in the primary non-volatile memory 204 is verified by comparing it with the corresponding system data copy 242 in the secondary non-volatile memory 216. For example, each of the machine unique data, the GbE region data, and the descriptor region data in the primary non-volatile memory 204 may be compared with the copy of the machine unique data, the GbE region data, or the descriptor region data, respectively, to determine whether the respective data has changed, which indicates that the respective data is compromised.
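The Fig. 1 flow and the per-region check values described above, as an added Python example that is not code from the patent: the region names and contents are constructed, SHA-256 stands in for the unspecified hash or checksum, and the byte-for-byte comparison alternative is selectable with a flag.

```python
"""Added example, not code from the patent: the Fig. 1 flow (store copy and
check values at 102, verify at 104, repair at 106) over a simulated primary
and secondary non-volatile memory. Region names and contents are constructed."""
import hashlib
import hmac
from typing import Dict, List

# Constructed sample content for the three system-data regions named above.
PRIMARY_NVM: Dict[str, bytes] = {
    "MUD": b"SKU=ABC123;SERIAL=SN0001;UUID=0000-0000-0000",
    "GBE": b"MAC=00:11:22:33:44:55;WOL=1",
    "DESCRIPTOR": b"FW@0x1000;ME@0x5000;ME_ACCESS=none",
}


def check_value(content: bytes) -> bytes:
    """Check value over a region's content. SHA-256 is used here; the
    description also allows a checksum or another content-derived value."""
    return hashlib.sha256(content).digest()


class EmbeddedController:
    """Owns the secondary NVM. Nothing else touches the two dictionaries
    below, which stands in for the electrical isolation from the processor."""

    def __init__(self) -> None:
        self._copy: Dict[str, bytes] = {}   # system data copy 242
        self._check: Dict[str, bytes] = {}  # one check value per region

    def provision(self, primary: Dict[str, bytes]) -> None:
        """Step 102: copy each region and store its check value. Meant to run
        in a secure environment (factory or service facility)."""
        for name, content in primary.items():
            self._copy[name] = bytes(content)
            self._check[name] = check_value(content)

    def verify(self, primary: Dict[str, bytes],
               by_comparison: bool = False) -> Dict[str, bool]:
        """Step 104: True means intact, False means compromised. A region
        missing from the primary NVM is treated as compromised. by_comparison
        selects the byte-for-byte alternative instead of check values."""
        result: Dict[str, bool] = {}
        for name, stored in self._copy.items():
            current = primary.get(name, b"")
            if by_comparison:
                result[name] = hmac.compare_digest(current, stored)
            else:
                result[name] = hmac.compare_digest(
                    check_value(current), self._check[name])
        return result

    def repair(self, primary: Dict[str, bytes]) -> List[str]:
        """Step 106: overwrite each compromised region with the copy and
        return the names of the regions that were repaired."""
        repaired: List[str] = []
        for name, intact in self.verify(primary).items():
            if not intact:
                primary[name] = bytes(self._copy[name])
                repaired.append(name)
        return repaired


if __name__ == "__main__":
    ec = EmbeddedController()
    nvm = dict(PRIMARY_NVM)
    ec.provision(nvm)
    nvm["GBE"] = b"MAC=66:66:66:66:66:66;WOL=1"  # simulated unauthorized write
    print("before repair:", ec.verify(nvm))
    print("repaired:", ec.repair(nvm))
    print("after repair:", ec.verify(nvm))
```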
In further embodiments, the system firmware 207 and/or the embedded controller 202 may monitor writes to the system data 240 in the primary non-volatile memory 204. Any such write may be notified to the system firmware 207 and/or the embedded controller 202, so that the system firmware 207 and/or the embedded controller 202 can verify the written system data 240 to prevent unauthorized updates of the system data 240.
As noted above, the system data copy 242 in the secondary non-volatile memory 216 may be collected in a secure environment (for example, at a factory or a repair facility). The system data copy 242 stored in the secondary non-volatile memory 216 may be marked read-only to protect the system data copy 242 from being compromised.
In alternative embodiments, a signature may be associated with the system data 240 stored in the primary non-volatile memory 204. Such a signature may include a digital signature produced using asymmetric or symmetric cryptography. Alternatively, the signature may be a cryptographic hash computed from the content of the system data 240. For example, a signature may be associated with each of the machine unique data, the GbE region data, and the descriptor region data stored in the primary non-volatile memory 204. The signature may be based on an encryption of a cryptographic hash, a check value, or another value computed from the content of the respective system data 240. The encryption may be performed using an encryption key (for example, a public key or a private key). To verify the integrity and source of the respective system data 240, the signature may be decrypted using an encryption key (for example, a public key or a private key). The decrypted value can then be compared with the cryptographic hash to verify the integrity and source of the respective system data 240.
Associating a signature with each of the different system data 240 allows for a secure update mechanism outside of a factory or service environment. For example, in the event that an update of the machine unique data, the GbE region data, or the descriptor region data in the primary non-volatile memory 204 is to be performed, the respective signature can be used to ensure that the update data comes from a trusted source.
In addition, in the event that the corresponding system data copy 242 becomes compromised, the embedded controller 202 can identify the machine unique data, the GbE region data, or the descriptor region data in the primary non-volatile memory 204 to use for updating the respective system data copy 242 in the secondary non-volatile memory 216.
Also, by storing the signature together with each system data copy 242 in the secondary non-volatile memory 216, the system data copy 242 can be protected from tampering caused, for example, by malware or even by a physical attack in which the secondary non-volatile memory 216 is removed and reprogrammed with different content.
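The signature-based variant described in the preceding paragraphs, as an added Python example that is not part of the patent: HMAC-SHA256 with a constructed key stands in for the symmetric signature the text allows, and `reconcile` goes beyond the text's one-directional repair by checking both copies of a region and refusing to overwrite anything when neither signature verifies.

```python
"""Added example, not code from the patent: keyed signatures over each
system-data region, used for (a) accepting field updates only from a trusted
source, (b) repairing the primary data from the secondary copy, and (c)
refreshing the secondary copy when it is the one that was tampered with.
HMAC-SHA256 stands in for the symmetric signature; key and contents are
constructed."""
import hashlib
import hmac
from typing import Dict, Tuple

SIGNING_KEY = b"constructed-demo-key"  # constructed; held by the EC in practice
SignedRegion = Tuple[bytes, bytes]     # (content, signature)


def sign(content: bytes, key: bytes = SIGNING_KEY) -> bytes:
    """Signature over region content (symmetric case: HMAC-SHA256)."""
    return hmac.new(key, content, hashlib.sha256).digest()


def verify(region: SignedRegion, key: bytes = SIGNING_KEY) -> bool:
    """Constant-time check that content and signature belong together."""
    content, signature = region
    return hmac.compare_digest(sign(content, key), signature)


def provision(contents: Dict[str, bytes]
              ) -> Tuple[Dict[str, SignedRegion], Dict[str, SignedRegion]]:
    """Secure-environment setup: sign every region and store the signed
    region in both the primary NVM and the secondary (EC-only) NVM."""
    signed = {name: (c, sign(c)) for name, c in contents.items()}
    return dict(signed), dict(signed)


def apply_update(primary: Dict[str, SignedRegion],
                 secondary: Dict[str, SignedRegion],
                 name: str, update: SignedRegion) -> bool:
    """Field update outside the factory: the new content reaches the primary
    NVM, and the copy is refreshed, only if the update's signature verifies."""
    if not verify(update):
        return False
    primary[name] = update
    secondary[name] = update
    return True


def reconcile(primary: Dict[str, SignedRegion],
              secondary: Dict[str, SignedRegion], name: str) -> str:
    """Check both copies of a region and repair whichever one fails.
    Returns 'intact', 'repaired_primary', 'refreshed_secondary' or
    'unrecoverable' (both signatures bad: neither copy is trusted)."""
    empty: SignedRegion = (b"", b"")
    p_ok = verify(primary.get(name, empty))
    s_ok = verify(secondary.get(name, empty))
    if p_ok and s_ok:
        return "intact"
    if s_ok:            # primary tampered (e.g. by malware): restore it
        primary[name] = secondary[name]
        return "repaired_primary"
    if p_ok:            # secondary reprogrammed or decayed: rebuild the copy
        secondary[name] = primary[name]
        return "refreshed_secondary"
    return "unrecoverable"


if __name__ == "__main__":
    pri, sec = provision({"MUD": b"SKU=ABC123;SERIAL=SN0001",
                          "GBE": b"MAC=00:11:22:33:44:55"})
    pri["MUD"] = (b"SKU=CHANGED", pri["MUD"][1])  # content changed, old signature
    print("MUD:", reconcile(pri, sec, "MUD"))     # repaired_primary
    sec["GBE"] = (b"reprogrammed", b"bogus")
    print("GBE:", reconcile(pri, sec, "GBE"))     # refreshed_secondary
```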
In other embodiments, as illustrated further in Fig. 3, elementary nonvolatile memory 204 can be stored as storage administration engine (ME) region 302 of the another kind of data structure in elementary nonvolatile memory 204 further.ME region 302 comprises the code (such as, firmware or other machines instructions) of the ME304 of the part as the chipset from intel corporation.ME region 302 also can comprise the data be associated with ME code.Such as, ME304 can be included in and be connected in the I/O controller 306 of shared bus 220.I/O controller 306 can comprise the I/O controller of PCH or other types.ME304 provides the function allowing such as to monitor, safeguard, upgrade, upgrade and repair computing system.The another kind of example of this entity comprises the platform safety processor (PSP) from advanced micro devices company (AMD).
Traditionally, be expendable in the field of ME area data 302 in damage event.According to some embodiments, ME304 can monitor the content in ME region 302.Such as, cryptographic hash, proof test value or other values can be calculated based on the content in ME region 302, and the Hash of itself and pre-stored, proof test value or other values are compared.
Secondary nonvolatile memory 216 can store ME personalization information 308. ME personalization information 308 provides an indication of which feature or features of ME 304 have been enabled or disabled. One or more features of ME 304 may be enabled or disabled at the factory or elsewhere. ME personalization information 308 is based on the enabling or disabling of one or more features of ME 304 configured at the factory or elsewhere.
Fig. 4 illustrates a verification procedure relating to ME region 302. If (402) it is detected that ME region 302 is compromised, ME 304 (or embedded controller 302) can (404) notify system firmware 207 (executing on processor 206) that ME region 302 is compromised. In response, system firmware 207 can (406) send a command to start computing system 200 with ME region 302 unlocked. The descriptor region in primary nonvolatile memory 204 can include an access restriction specifying that ME region 302 is to be blocked from access by any machine-readable instructions executing on processor 206. The command to start computing system 200 with ME region 302 unlocked instructs I/O controller 306 to ignore the read/write restrictions in the descriptor region that relate to ME region 302.
(408) Computing system 200 is started with ME region 302 unlocked. During the startup procedure, system firmware 207 can (410) repair ME region 302 by copying a recovery image from an external storage device, or from secondary nonvolatile memory 216, to primary nonvolatile memory 204.
In addition, system firmware 207 can (412) request embedded controller 202 to copy ME personalization information 308, stored in secondary nonvolatile memory 216, to ME region 302 of primary nonvolatile memory 204. ME personalization information 308 provides an indication of which feature or features of ME 304 have been enabled or disabled. One or more features of ME 304 may be enabled or disabled at the factory or elsewhere. Copying ME personalization information 308 to ME region 302 of primary nonvolatile memory 204 causes the appropriate feature or features of ME 304 to be enabled or disabled.
In the process of Fig. 4 above, embedded controller 202 can alternatively be used, instead of system firmware 207, to perform the various tasks.
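The detection-and-repair arrangement described above and in the claims (a check value kept beside the system data, a redundant copy held in the memory that only the embedded controller can reach, repair by replacing the compromised portion, and a redundant copy that is refreshed only from a primary copy that verifies), as an added example in C that is not part of the patent or of any product implementing it. The CRC-32 check value, the `primary_nvm_t`/`secondary_nvm_t` structs and the sample machine-unique data are assumptions standing in for the unspecified check value, signature and system-data layout of the patent.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SYSDATA_LEN 64   /* size of the protected system-data portion (constructed) */

/* One system-data portion plus the check value stored alongside it. */
typedef struct {
    uint8_t  data[SYSDATA_LEN];
    uint32_t check;              /* check value computed over data */
} sysdata_region_t;

/* Primary NVM: reachable by both the processor and the embedded controller. */
typedef struct { sysdata_region_t sysdata; } primary_nvm_t;

/* Secondary NVM: reachable by the embedded controller only (assumption: the
   hardware enforces this; the model simply never hands it to processor code). */
typedef struct { sysdata_region_t redundant; } secondary_nvm_t;

typedef enum { EC_SYSDATA_OK, EC_SYSDATA_REPAIRED, EC_SYSDATA_UNRECOVERABLE } ec_result_t;

/* CRC-32 (IEEE polynomial, reflected) stands in for the patent's check value.
   A real implementation would use a cryptographic signature for the update path. */
uint32_t crc32_ieee(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

bool region_is_intact(const sysdata_region_t *r) {
    return crc32_ieee(r->data, SYSDATA_LEN) == r->check;
}

/* Provisioning: write data into a region and seal it with its check value. */
void provision_region(sysdata_region_t *r, const uint8_t *data, size_t len) {
    memset(r->data, 0, SYSDATA_LEN);
    memcpy(r->data, data, len < SYSDATA_LEN ? len : SYSDATA_LEN);
    r->check = crc32_ieee(r->data, SYSDATA_LEN);
}

/* EC boot-time path: detect a compromised primary portion and repair it from
   the redundant copy, but only if the redundant copy itself still verifies. */
ec_result_t ec_verify_and_repair(primary_nvm_t *pri, const secondary_nvm_t *sec) {
    if (region_is_intact(&pri->sysdata))
        return EC_SYSDATA_OK;
    if (!region_is_intact(&sec->redundant))
        return EC_SYSDATA_UNRECOVERABLE;   /* both copies bad: do not propagate garbage */
    pri->sysdata = sec->redundant;         /* replace the compromised portion */
    return EC_SYSDATA_REPAIRED;
}

/* Update path: refresh the redundant copy only from a primary copy that
   verifies, so a corrupted primary can never overwrite the good backup. */
bool ec_update_redundant(const primary_nvm_t *pri, secondary_nvm_t *sec) {
    if (!region_is_intact(&pri->sysdata))
        return false;
    sec->redundant = pri->sysdata;
    return true;
}

/* Constructed scenario: provision the primary copy, seed the backup through the
   guarded update path, flip one byte of the primary (as a fault or an unwanted
   write by processor-side code would), and let the EC detect and repair it.
   Returns true only if every step behaved as expected. */
bool run_scenario(void) {
    static const uint8_t mud[] = "SN=CONSTRUCTED-0001;MAC=02:00:00:00:00:01"; /* sample */
    primary_nvm_t pri; secondary_nvm_t sec;
    provision_region(&pri.sysdata, mud, sizeof mud - 1);
    if (!ec_update_redundant(&pri, &sec)) return false;         /* intact: accepted */
    if (ec_verify_and_repair(&pri, &sec) != EC_SYSDATA_OK) return false;

    pri.sysdata.data[5] ^= 0xFF;                                /* corrupt primary */
    if (ec_update_redundant(&pri, &sec)) return false;          /* must be refused */
    if (ec_verify_and_repair(&pri, &sec) != EC_SYSDATA_REPAIRED) return false;
    if (memcmp(pri.sysdata.data, sec.redundant.data, SYSDATA_LEN) != 0) return false;

    sec.redundant.data[0] ^= 0x01;                              /* now corrupt backup too */
    pri.sysdata.data[7] ^= 0x80;
    return ec_verify_and_repair(&pri, &sec) == EC_SYSDATA_UNRECOVERABLE;
}

int main(void) {
    printf("scenario %s\n", run_scenario() ? "passed" : "FAILED");
    return 0;
}
```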
Machine-readable instructions of the various modules described above are loaded for execution on a processing circuit (such as embedded controller 102 or processor 106). A processing circuit can include a microprocessor, microcontroller, processor module or subsystem, programmable integrated circuit, programmable gate array, or another control or computing device.
Data and instructions are stored in respective storage devices, which are implemented as one or more computer-readable or machine-readable storage media. The storage media include different forms of memory, including: semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices. Note that the instructions discussed above can be provided on one computer-readable or machine-readable storage medium, or alternatively can be provided on multiple computer-readable or machine-readable storage media distributed in a large system that may have multiple nodes. Such a computer-readable or machine-readable storage medium or media is considered to be part of an article (or article of manufacture). An article or article of manufacture can refer to any manufactured single component or multiple components. The storage medium or media can be located either in the machine running the machine-readable instructions, or at a remote site from which the machine-readable instructions can be downloaded over a network for execution.
In the foregoing description, numerous details are set forth to provide an understanding of the subject matter disclosed herein. However, implementations may be practiced without some or all of these details. Other implementations may include modifications and variations from the details discussed above. It is intended that the appended claims cover such modifications and variations.
Claims (15)
1. A method, comprising:
storing, in a first nonvolatile memory, a redundant copy of system data relating to a configuration of at least one physical component of a system, wherein the first nonvolatile memory is accessible by a controller in the system and is not accessible by a processor in the system;
determining whether the system data in a second nonvolatile memory that is accessible by the processor is compromised; and
in response to determining that the system data in the second nonvolatile memory is compromised, repairing the compromised system data in the second nonvolatile memory.
2. The method of claim 1, wherein the system data in the second nonvolatile memory includes machine unique data.
3. The method of claim 1, wherein the system data in the second nonvolatile memory includes data relating to a configuration of a network controller.
4. The method of claim 1, wherein the system data in the second nonvolatile memory includes data describing a layout of the second nonvolatile memory.
5. The method of claim 1, further comprising:
storing, in the first nonvolatile memory, personalization information relating to a management entity; and
using the personalization information to recover from a fault in machine-readable instructions of the management entity.
6. The method of claim 5, further comprising:
recovering the machine-readable instructions of the management entity using code from an external storage device or from the first nonvolatile memory.
7. The method of claim 1, further comprising:
storing a signature associated with the system data in the second nonvolatile memory.
8. The method of claim 7, further comprising: in response to verifying the system data in the second nonvolatile memory using the signature, updating the redundant copy of the system data using the system data in the second nonvolatile memory.
9. The method of claim 7, further comprising: performing a secure update of the system data in the second nonvolatile memory.
10. A system, comprising:
a processor;
an embedded controller;
a first nonvolatile memory storing a redundant copy of system data relating to a configuration of at least one physical component in the system, wherein the first nonvolatile memory is accessible by the embedded controller and is not accessible by the processor; and
a second nonvolatile memory storing the system data, wherein the second nonvolatile memory is accessible by the embedded controller and by the processor,
wherein the embedded controller is to use information stored in the first nonvolatile memory to detect compromise of a first portion of the system data in the second nonvolatile memory, and to repair the compromised first portion of the system data in the second nonvolatile memory.
11. The system of claim 10, further comprising system boot code, wherein the system boot code is executable to use information stored in the first nonvolatile memory to detect compromise of a second portion of the system data in the second nonvolatile memory, and to repair the compromised second portion of the system data in the second nonvolatile memory.
12. The system of claim 10, wherein the information used by the embedded controller to detect compromise of the first portion of the system data comprises a check value computed based on content of the first portion of the system data.
13. The system of claim 10, wherein the information used by the embedded controller to detect compromise of the first portion of the system data comprises the redundant copy of the system data.
14. An article comprising at least one machine-readable storage medium storing instructions that, upon execution, cause a system to:
store, in a first nonvolatile memory, a redundant copy of system data relating to a configuration of at least one physical component of the system, wherein the first nonvolatile memory is accessible by a controller in the system and is not accessible by a processor in the system;
determine, by the controller and based on information stored in the first nonvolatile memory, whether a first portion of the system data in a second nonvolatile memory that is accessible by the processor is compromised; and
in response to determining that the first portion of the system data in the second nonvolatile memory is compromised, repair, by the controller, the compromised first portion of the system data in the second nonvolatile memory.
15. The article of claim 14, wherein the repairing comprises replacing the compromised first portion of the system data in the second nonvolatile memory with the first portion of the system data from the redundant copy in the first nonvolatile memory.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2013/037729 WO2014175865A1 (en) | 2013-04-23 | 2013-04-23 | Repairing compromised system data in a non-volatile memory |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105122214A true CN105122214A (en) | 2015-12-02 |
CN105122214B CN105122214B (en) | 2019-03-01 |
Family
ID=51792254
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380075647.4A Active CN105122214B (en) | 2013-04-23 | 2013-04-23 | Reparation to the system data damaged in nonvolatile memory |
Country Status (5)
Country | Link |
---|---|
US (1) | US9990255B2 (en) |
EP (1) | EP2989547B1 (en) |
CN (1) | CN105122214B (en) |
TW (1) | TWI549136B (en) |
WO (1) | WO2014175865A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112099987A (en) * | 2020-09-07 | 2020-12-18 | 中国第一汽车股份有限公司 | Data management method, device, equipment and storage medium |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015218882A1 (en) * | 2015-09-30 | 2017-03-30 | Robert Bosch Gmbh | Method and device for checking calculation results in a system with several processing units |
JP6723863B2 (en) * | 2016-08-01 | 2020-07-15 | オリンパス株式会社 | Embedded system, photography equipment and refresh method |
CN106648632A (en) * | 2016-12-02 | 2017-05-10 | 英业达科技有限公司 | Computer system |
US10802916B2 (en) * | 2017-08-04 | 2020-10-13 | Dell Products, L.P. | System and method to enable rapid recovery of an operating system image of an information handling system after a malicious attack |
CN109614798B (en) * | 2017-09-30 | 2022-12-27 | 华为技术有限公司 | Safe starting method and device and terminal equipment |
US11182148B2 (en) * | 2018-03-13 | 2021-11-23 | Dell Products L.P. | System and method for automated BIOS recovery after BIOS corruption |
KR102571747B1 (en) * | 2018-04-06 | 2023-08-29 | 에스케이하이닉스 주식회사 | Data storage device and operating method thereof |
US10853179B2 (en) * | 2018-12-21 | 2020-12-01 | Dell Products L.P. | Information handling system and method for restoring firmware in one or more regions of a flash memory device |
US11418335B2 (en) | 2019-02-01 | 2022-08-16 | Hewlett-Packard Development Company, L.P. | Security credential derivation |
WO2020167283A1 (en) | 2019-02-11 | 2020-08-20 | Hewlett-Packard Development Company, L.P. | Recovery from corruption |
US11347519B2 (en) * | 2020-05-27 | 2022-05-31 | Dell Products L.P. | Systems and methods for detecting short-term changes to BIOS setup |
US11487621B1 (en) * | 2021-04-29 | 2022-11-01 | Dell Products L.P. | Linking embedded controller with memory reference code and system bios shadowing |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040268079A1 (en) * | 2003-06-24 | 2004-12-30 | International Business Machines Corporation | Method and system for providing a secure rapid restore backup of a raid system |
US20050081090A1 (en) * | 2003-09-29 | 2005-04-14 | Giga-Byte Technology Co., Ltd. | Method for automatically and safely recovering BIOS memory circuit in memory device including double BIOS memory circuits |
US7100087B2 (en) * | 2001-12-28 | 2006-08-29 | Asustek Computer Inc. | Module and method for automatic restoring BIOS device |
US20090158020A1 (en) * | 2005-12-30 | 2009-06-18 | Hanying Chen | System Backup And Recovery Solution Based On BIOS |
US20110093741A1 (en) * | 2009-10-15 | 2011-04-21 | Te-Yu Liang | Method for recovering bios and computer system thereof |
US20120303944A1 (en) * | 2011-05-24 | 2012-11-29 | Hon Hai Precision Industry Co., Ltd. | Data recovering system and method |
2013
- 2013-04-23 WO PCT/US2013/037729 patent/WO2014175865A1/en active Application Filing
- 2013-04-23 EP EP13883286.0A patent/EP2989547B1/en active Active
- 2013-04-23 US US14/780,981 patent/US9990255B2/en active Active
- 2013-04-23 CN CN201380075647.4A patent/CN105122214B/en active Active
2014
- 2014-02-26 TW TW103106573A patent/TWI549136B/en active
Also Published As
Publication number | Publication date |
---|---|
US20160055069A1 (en) | 2016-02-25 |
TW201447903A (en) | 2014-12-16 |
EP2989547A1 (en) | 2016-03-02 |
EP2989547B1 (en) | 2018-03-14 |
EP2989547A4 (en) | 2017-01-18 |
US9990255B2 (en) | 2018-06-05 |
TWI549136B (en) | 2016-09-11 |
WO2014175865A1 (en) | 2014-10-30 |
CN105122214B (en) | 2019-03-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |